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TO ALL WHOM IT MAY CONCERN: 

Be it known that WE, THOMAS TALANIS and FRANK VOLKMANN, 
citizens of Greece and Germany, respectively, whose post office addresses are 
Adenauerstrasse 22, 91336 Heroldsbach, Germany; and Preysingstr. 12, 90475 
Nuernberg, Germany, respectively, have invented an improvement in 

SYSTEM AND METHOD FOR THE OPERATOR CONTROL AND FOR THE 
MONITORING OF AN AUTOMATION SYSTEM OVER THE INTERNET 
USING AN ASYMMETRIC INTERNET CONNECTION 

of which the following is a 

SPECIFICATION 

FIELD OF THE INVENTION 
[0001] The invention relates to a system and a method for transmitting data over 

the Internet, in particular data for operating and monitoring an automation system. 

BACKGROUND OF INVENTION 
[0002] The use of the WWW (World Wide Web), which is also referred to as the 

Internet, makes it possible to set up a data connection to a web server or Internet 
Information Server (IIS) from any computer which has access to the Internet. The access 
to an Internet Server is made, for example, using known Internet browsers, for example 
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Internet Explorer from Microsoft or the Internet browser from Netscape. When a data 
connection is set up from a web client, a request is output to an Internet Server by 
inputting and dispatching a URL address. When a data connection comes about, the 
called Internet server responds with a HTML (Hyper Text Markup Language) page. The 
WWW clients, for example Netscape or Internet Explorer, communicate with the WWW 
servers via the Hypertext Transport Protocol (HTTP). Each data connection between the 
WWW client and WWW server is thus based on a request protocol, and a response 
protocol in reaction thereto. 

[0003] DE-A-198 08 616 discloses a method for the remote control of equipment 

by means of a computer which is located geographically remotely therefrom, and for 
transmitting current information from the equipment to the computer over the Internet, a 
bidirectional information channel for mutual exchange of data being connected between 
the computer and the equipment. 

SUMMARY OF THE INVENTION 
[0004] The present invention is based on the object of specifying a system and a 

method for transmitting data over the Internet which also permits bidirectional 
transmission of data, independently in terms of timing, between two data processing 
devices which can be connected to the Internet, even behind fire walls and even if one of 
the two data processing devices is not visible on the Internet, i.e. is not an Internet Server. 
[0005] The invention is based on the recognition that with the Internet an "active" 

data connection to a client which is not visible on the Internet is not possible, but rather 
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only a data connection between any desired client which is connected to the Internet and 
any desired server which is visible on the Internet. This disadvantage is overcome in a 
surprisingly simple way by virtue of the fact that two mutually independent data 
connections are set up to the Internet Server of an automation system from the client. 
Specifically, two connection requests are successively transmitted to the Internet Server 
of the automation system from the client which can serve as a fully capable operator 
control and monitoring system after the bidirectional data connections have been set up. 
The Internet Server responds to these connection requests and thus makes available two 
asymmetrical data connections which are independent of one another and via which the 
client, as B&B system and the automation system can communicate with one another at 
their own initiation. A bidirectional data connection, which also permits data to be 
transmitted from the server to the client, is functionally safeguarded between the client 
and server, or in other words between the operator control and monitoring system and the 
automation system. This is based on the establishment of the two independent data 
connections to the server via the Internet which are set up from the client. By way of 
these two "dedicated lines", the client is permanently connected to the server so that 
bidirectional transmission of data, independently in terms of timing, is made possible in 
both directions between the client and server. Such a data connection is suitable in 
particular for operating and monitoring an automation system, with the client being able 
to function as an operator control and monitoring system which can be activated from any 
computer which is connected to the Internet. In contrast to conventional Internet data 
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connections, an asymmetrical data transmission method is thus obtained which does not 
require the client to be visible on the Internet or to have installed a web server (IIS = 
Internet Information Server). This makes it possible to set up a bidirectional data 
connection to a server at any desired location in the world, in front of and behind fire 
walls. Because the data connection is activated from the client, i.e. From the B&B 
system, it is not necessary for the server to actively set up a connection to the client at its 
own initiation. Furthermore, it is not necessary to change the configuration of the client. 
[0006] It is possible to ensure that the data connection or connections is/are 

maintained by transmitting dummy data, even in the absence of user data, in order to 
maintain the transmission channels. In addition, in order to maintain a permanent data 
connection, information is transmitted to the Internet Server, said information informing 
the Internet Server that there is still an intention to transmit user data. 
[0007] A particularly preferred application of the present invention using existing 

Internet infrastructures for a bidirectional data transmission, is to provide the method for 
operating and monitoring an automation system is provided over the Internet. A 
connection of the automation and communications technology can be configured easily in 
such a way that the operator control and monitoring system of the client initiates the 
provision of the transmission channels as a distributed object, in particular as a DCOM 
object, and that the connection setup to the automation system is made via a DCOM 
server. 
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DRAWINGS 

[0008] The present invention is further described and explained in more detail 

below with reference to the exemplary embodiments illustrated in the figures, in which: 

FIGURE 1 shows a block circuit diagram of an exemplary embodiment of 
an automation system with Internet connection for operating and monitoring; 

FIGURE 2 shows a schematic, chronological representation of the 
bidirectional connection set up between client and automation system; and 

FIGURE 3 shows a schematic chronological representation of possible 
user data communication between client and automation system. 

DETAILED DESCRIPTION OF THE INVENTION 
[0009] Figure 1 shows an exemplary embodiment of a system for operating and 

monitoring automation systems 5 which have, for example, stored program controllers 
(SPS), numerical controllers (NC) and/or drives. The system has an operator control and 
monitoring system 1 (B&B client) which is connected to a fire wall computer 2 (= proxy) 
via an internal data network 6, for example the Ethernet. The operator control and 
monitoring system 1, which is also referred to below for short as B&B system 1, is 
assigned a local Intranet address which does not need to be known in the Internet. The 
fire wall of the fire wall computer 2 which surrounds the internal communications 
network 31 (= Intranet 31) of the fire wall server 3 is indicated using the line 9a in 
Figure 1 . The Internet, the worldwide data communications network, is labeled with the 
reference symbol 10. The fire wall computer 2 can be connected via a connecting line 7, 
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for example ISDN, to the Internet 10. The automation system 5 can be connected to the 
Internet 10 via an Internet server 4, which serves as a B&B server for the automation 
system 5 and which has the Internet address dcomserver.khe.siemens.de/, via a 
connecting line 8 and in each case a second fire wall computer 3. The second fire wall 
computer 3 surrounds the Intranet 32 assigned to the fire wall computer 3 and is visible 
on the Internet 10 at the Internet address khe.siemens.de. 

[0010] The setup of a bidirectional transmission and reception connection 

between the client 1 and the B&B server 4 over the Internet 10, the connections being 
independent of one another in terms of timing, will be explained below by way of the 
following example. An asymmetric method is used which makes it possible to set up a 
bidirectional data connection even from the client 1 which does not need itself to be 
visible on the Internet 10, i.e. client 1 does not have its own valid Internet address. Client 
1 sends a first request over the Internet to the Internet Server 4 to which the Internet 
server 4 reacts with a response. In order to avoid a chronological interruption of the 
response, and thus aborting of the data connection, the duration of the response is 
expanded so as to be "infinitely" long. For this purpose, the system is informed that 
further data are to be transmitted. This results in a response channel over which the web 
server 4, and thus the automation system 5, can transmit data to the client 1, and thus to 
the B&B system 1, at any time. This first data transmission channel is labeled in Figure 1 
by the reference symbol 6a, 7a, 8a. A second data transmission channel is set up by the 
client 1 by sending a second request to the Internet Server 4 of the automation system 5, 
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and thus setting up a data transmission channel 6b, 7b, 8b to the server 4. The client can 
dispatch his request or requests to the server 4 on said channel as a forward channel. 
Overall, from the point of view of the client 1 a forward channel 6a, 7a, 8a, and a back 
channel 6b, 7b, 8b are thus formed. Over these two channels, the client 1 and the Internet 
Server 4 can bidirectionally transmit and receive, independently of one another in terms 
of timing, data. 

[0011] Figure 2 shows a schematic, chronological representation of the 

bidirectional connection setup between a client 1 (B&B system) and an Internet Server 4 
(IIS = Internet Information Server) of an automation system 5 (see Figure 1). In a first 
step, a first "get" request 20 (= connection request, back channel) initiated from the client 
1 is made to the server 4. The server (4) replies in step 21 in the form of a response, to be 
interpreted here as an acknowledgement. In the next step, a "post" request 22 
(= connection request, forward channel) is sent from the client 1 to the server 4, which 
responds to this with a reply 23 as a response. The "get" channel is established before the 
post channel so that here even in the actual acknowledgement the server can transmit 
connection data to the client which are required for the setup of the second ("post") 
connection. 

[0012] The principal bidirectional connection setup between client 1 and server 4 

thus takes place in a two-stage request 20, 22 with respectively associated response 21, 
23. In each case it is ensured that the data connections are maintained by virtue of the 
fact that dummy data 24 are transmitted even during the absence of user data in order to 
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maintain the transmission channels, and that information is transmitted to the B&B server 
4, said information informing the B&B server 4 that there is still an intention to transmit 
user data. 

[0013] Figure 3 shows the timing sequence of the establishment 26 of a forward 

channel and back channel between a B&B system 1 and a B&B server 4 to which an 
automation system 5, designated by way of example as SPS (= stored program controller) 
is connected. The presentation is made here using the UML (Unified Modeling 
Language) notation. Furthermore, Figure 3 shows the bidirectional communication over 
these channels which can be initiated independently of one another in terms of timing by 
client 1 and server 4 after the establishment of the connection. The timing sequence for 
establishing the connection is as follows: the client 1 makes a HTTP get request 1 1 to the 
server 4, which acknowledges this with a response 12, the connection not being released 
with the acknowledgement. Via this connection ("get channel"), the server 4 and the 
automation system 5 which is connected to the server transmits all the data to be 
transmitted to the client 1. After the response 12 of the server 4, the client transmits a 
HTTP post enquiry 13 to the server 4 which in turn replies with a response 14. Via this 
connection ("post channel"), the client 1 transmits all the data which he wishes to 
transmit, for example as an enquiry 28, to the server 4 and to the automation system 5 
which is connected thereto. Although the request response cycle is terminated on the post 
channel, the connection remains. When necessary, the client 1 sends an enquiry to the 
server 4 via the get channel 15, in response to which the server reacts with a reply on the 
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post channel 16 (= synchronous behavior). If the server 4 wishes to send the client 1 
a message, for example a reply 29 or a reaction to an event 30 in the SPS 5, it can 
transmit this on the post channel without the client having previously made a request 
(= callback 17). This would not be possible with a "normal" HTTP connection. 
[0014] There is thus a user data communication 27 over the Internet in both 

directions independently in terms of timing, which user data communication 27 can be 
initiated by both sides. In this way, it becomes possible to use an existing 
communication path of the Internet for automation technology in a customary way 
for operator control and monitoring purposes as a HMI (Human Machine Interface). 
One possible advantageous application of this method is, for example, the operator 
control and monitoring system WinCC from Siemens. The system and method according 
to the invention permit DCOM orders to be transmitted from the client 1 to the Internet 
Server 4. This makes it possible for the Internet Server 4 to transmit DCOM events to its 
client without said client having a "real" address, i.e. one which is visible on the Internet. 
No additional costs are thus required on the client side because Internet browsers, like 
Internet Explorer from Microsoft or the Internet browser from Netscape, are available 
everywhere. No particular special solutions are therefore necessary to exchange data 
between the automation system and the B&B user, for example for alarm issuing 
purposes. 

[0015] In summary, the method of the present invention provides a system and a 

method for transmitting data over the Internet, in particular data for operating and 
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monitoring an automation system 5 using a bidirectional user data connection, even 
behind fire walls over the Internet in both directions and even from a client which is not 
visible as a server in the Internet. In accordance with the method and a system, a first 
connection request 20 for setting up a first transmission channel is transmitted from a first 
data processing device 1 of a client, in particular from an operator control and monitoring 
system 1, to an Internet server 4 of an automation system 5 via an Internet connection 6, 
7, 8. A second connection request 22 for setting up a second transmission channel 31 is 
transmitted to the Internet Server 4 from the client 1, the first transmission channel 30 
and the second transmission channel 3 1 being provided for bidirectionally transmitting 
and receiving, independently of one another in terms of timing, data between the client 
and the Internet Server 4 over the Internet. An unlimited period of use of the 
transmission channels is ensured by virtue of the fact that dummy data are transmitted 
even in the absence of user data in order to maintain the transmission channels. 
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